Computer security threats are becoming an almost everyday occurrence. In conjunction with computer security, computer users are bombarded with terms like antivirus software, firewalls, updates, signatures, and the like. In the past, security was handled by experts who could readily determine whether a computer system was current with respect to antivirus updates, firewalls, operating system updates, and the like. At the corporate level, many companies have dealt with security issues by placing computers behind corporate firewalls and obtaining antivirus software that scans incoming e-mail, thus shielding the end user from some of the complexities of maintaining security.
Small business and home computer users, however, often do not have access to the information technology professionals found at large companies. Whether the computers for such groups of users are adequately protected, depends largely upon the expertise and knowledge of each individual user. Because of information technology budgets and resources and the creativity of computer virus creators, even corporate computer users who rely on information technology professionals may not be adequately protected, particularly as new threats arise. Unfortunately, computer users in both small and large organizations often have insufficient knowledge as to how protected they are or how they should respond to new threats.
What is needed is a framework for monitoring, reporting, and notifying with respect to protection levels on a computer. Ideally, the framework would allow security providers to indicate the security statuses of their associated solutions and would allow consumer applications to readily access this information.